E-mail List Archives

Re: Re: Anti-spam email links in Javascript

for

From: Mike Brockington
Date: Apr 14, 2004 3:42AM


On Tue, 13 Apr 2004 16:34:00 +0300 (EEST)
"Jukka K. Korpela" < <EMAIL REMOVED> > wrote:


> surely such problems are outside the scope of this list.
My apologies if parts of this is OT, but the overall question is decidely relevant.

> Talk to the local IT staff.
Who do you think _I_ am? I don't do support, but 'development' does include such things as building email relays (with spam filtering) which I last did about three months ago, so I FULLY understand the implications of failing to protect addresses. This is a fully managed, enterprise-level spam solution, but there are two major issues. 1. Spam gets through - I deleted a dozen pieces of spam this morning, despite being 'protected'. 2. Genuine messages don't always get through. Both of these situations were considered unacceptable to certain people who have to respond to the public, and that was about two years ago, when spam levels were negligible compared to now, so those accounts are unfiltered. Totally.
To re-iterate; the reality is that I WILL NOT be allowed to expose email addresses without sensible obfuscation.
THEREFORE if I am to provide email contacts at all then I NEED to find some other/additional solution. The only one that has been proposed so far is to use a form-mail page.

> It is surely not a long term solution to "spam-protect"
> E-mail addresses by making the addresses available in munged form only.
> Sooner or later someone will put the address somewhere as such,
> and it will be harvested. If you had relied on the protective
> effect of address munging, the problem will be bigger
> then than it is now.
Sorry, I don't follow you here. I agree that Javascript obfuscation of email addresses could easily be beaten, but given the massive supply of addresses at the moment the spammers have little incentive to improve their spam-bots. On the other hand there is significant incentive for 'assistive' browser manufacturers to bring their software in line with 1990's technology levels by supporting Javascript - this whole issue is in fact nothing to do with User Disability, and everything to do with Browser disability. </rant>
Please don't misunderstand my intentions - I fully support the idea of accessible design, but when I look through the forums I find very little besides the odd trouble-maker complaining about the extra work, being preached at by people who often don't practice what they preach. What we all need is examples; when the WAI says 'until user agents... provide an alternative' there is rarely an indication of what that alternative should be.
Again though, that brings me back to the point that what the WAI says is NOT 'do not use' but 'provide an alternative'. My original question was whether a form-mail page was a 'suitable equivalent', or whether I need to pull the original Javascript link to avoid my employer being sued?

> Secure? Accessibility doesn't really disturb your spam filters, does it?
> And it's really not a matter of security but avoiding nuisance.
The word 'Secure' on its own may not adequatly express what either of us means
Like all professionals we try to implement 'belt and braces', part of this means taking all available precautions to prevent problems. Incidentally we recently had to upgrade our infrastructure because of the weight of spam and virus-generated messages, which at one point exceeded 10 unwanted messages for every genuine one.
I should also spell out here that I am talking about a large number of email addresses, not just one or two webmaster addresses, so the potential impact of exposing them all would be significant.

Mike






Check planning applications from your office or home
www.edinburgh.gov.uk/planning
Pay for on-street parking in central Edinburgh from your mobile phone
www.edinburgh.gov.uk/mpark
More at www.edinburgh.gov.uk/onlineservices
**********************************************************************
This Email and files transmitted with it are confidential and are intended for the sole use of the individual or organisation to whom they are addressed. If you have received this Email in error please notify the sender immediately and delete it without using, copying, storing, forwarding or disclosing its contents to any other person. The Council has endeavoured to scan this Email message and attachments for computer viruses and will not be liable for any losses incurred by the recipient.
**********************************************************************


----
To subscribe, unsubscribe, suspend, or view list archives,
visit http://www.webaim.org/discussion/